DETAILED ACTION

This office action is responsive to communication filed on 10/08/2003. 

Information Disclosure Statement 

1. The information disclosure statement (IDS) submitted on 10/08/2003 is in
compliance with the provisions of 37 CFR 1.97 and has been considered by the
examiner. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

3. Claims 1-28 are rejected under 35 U.S.C. 102(e) as being anticipated by Barrett
et al (hereinafter Barrett) U.S. Pub. No. 2004/0015583 A1.
Regarding claims 1-28, Barrett teaches: 
1. An apparatus, comprising:

an intrusion detection system (IDS) module coupled to a main central processing 
unit (CPU), the main CPU being operable to communicate a copy of one or more 
incoming packets to the IDS module (fig. 4; par. 0072; see that the detecting program
411 is the IDS, attached to the processor 409),

which is operable to identify a volume associated with the incoming packets in 
order to communicate feedback information to the main CPU (par. 0072), 

the feedback information signaling that the IDS module is expending a 
designated amount of resources based on the volume, wherein the main CPU is 
operable to respond to the feedback information by restricting a number of additional 
incoming packets that are received by the main CPU (par. 0072, and 0004). 

2. The apparatus of Claim 1, wherein the IDS module is operable to identify a plurality of
thresholds, one or more of which are operable to trigger the feedback information to be 
communicated to the main CPU by the IDS module, the one or more thresholds each 
representing volume levels reflecting an amount of incoming packets that are received 
by the IDS module, and wherein the main CPU is operable to increase the volume 
associated with the incoming packets in response to receiving additional feedback from 
the IDS module (see fig. 4, par. 0072-0074). 

3. The apparatus of Claim 1, wherein the IDS module communicates with the main CPU
based on a selected one of a router blade control protocol (RBCP) and a simple 
network management protocol (SNMP) (0004, 0030). 

4. The apparatus of Claim 1, wherein the IDS module is operable to communicate an
alarm to a network management element that signals that the IDS module has
reached a certain volume level associated with an amount of incoming packets received
(0075-0076). 

5. The apparatus of Claim 1, wherein the IDS module is operable to execute a
transmission control protocol (TCP) reset in order to indicate an attack is being seen 
from a source address such that a connection corresponding to the source address may 
be torn down (fig. 4; 0080. 0100). 

6. The apparatus of Claim 1, wherein the IDS module is operable to block a source
location by establishing an access control list (ACL) that includes the source location, 
wherein communications associated with the source location are restricted as a result of 
being included on the ACL (0050). 

7. The apparatus of Claim 1, wherein the IDS module and the main CPU are included in
a network element, the network element being selected from a group of elements 
consisting of: 

(a) a router; 

(b) a bridge; 

(c) a switch; 

(d) a load balancer; 

(e) a processor; and 

(f) a gateway (par. 0022, 0027, item 101 and 109). 

8. A method for implementing traffic management, comprising:

communicating a copy of one or more incoming packets;

identifying a volume associated with the incoming packets in order to communicate 
feedback information to a main central processing unit (CPU), the feedback information 
signaling that an intrusion detection system (IDS) module is expending a designated 
amount of resources; and responding to the feedback information by restricting a 
number of additional incoming packets that are received by the main CPU (see fig. 4, 
par. 0072; 0004). 

9. The method of Claim 8, further comprising: 

identifying a plurality of thresholds, one or more of which are operable to trigger 
the feedback information to be communicated to the main CPU by the IDS module, the 
one or more thresholds each representing volume levels of incoming packets that are 
received by the IDS module (see fig. 4, par. 0072-0074). 

10. The method of Claim 8, wherein the IDS module communicates with the main CPU 
based on a selected one of a router blade control protocol (RBCP) and a simple 
network management protocol (SNMP) (0004, 0030). 

11. The method of Claim 8, further comprising:

communicating an alarm to a network management element that signals that the 
IDS module has reached a certain volume level associated with an amount of 
incoming packets received (0075-0076) 

12. The method of Claim 8, further comprising:

executing a transmission control protocol (TCP) reset in order to indicate an
attack is being seen from a source address such that a connection corresponding to 
the source address may be torn down (fig. 4; 0080. 0100). 

13. The method of Claim 8, further comprising: 

blocking a source location by establishing an access 
control list (ACL) that includes the source location, wherein communications associated 
with the source location are restricted as a result of being included on the ACL (0050). 

14. The method of Claim 8, further comprising: 

increasing the volume associated with the incoming packets based on additional 
feedback being received from the IDS module, the additional feedback reflecting a 
reduced volume associated with the incoming packets (see fig. 4, par. 0072-0074). 

15. A system for implementing traffic management, comprising: 

means for communicating a copy of one or more incoming packets; 

means for identifying a volume associated with the incoming packets in order to 
communicate feedback information to a main central processing unit (CPU), the 
feedback information signaling that an intrusion detection system (IDS) module is 
expending a designated amount of resources; and means for responding to the 
feedback information by restricting a number of additional incoming packets that 
are received by the main CPU (see fig. 4, par. 0072-0074; 0004).

16. The system of Claim 15, further comprising:

means for identifying a plurality of thresholds, one or more of which are operable 
to trigger the feedback information to be communicated to the main CPU by the IDS 
module, the one or more thresholds each representing volume levels of incoming 
packets that are received by the IDS module (see fig. 4, par. 0072-0074). 

17. The system of Claim 15, wherein the IDS module communicates with the main CPU 
based on a selected one of a router blade control protocol (RBCP) and a simple 
network management protocol (SNMP) (0004, 0030). 

18. The system of Claim 15, further comprising: 

means for communicating an alarm to a network management element that 
signals that the IDS module has reached a certain volume level associated with an 
amount of incoming packets received (0075-0076) 

19. The system of Claim 15, further comprising:

means for executing a transmission control protocol (TCP) reset in order to 
indicate an attack is being seen from a source address such that a connection 
corresponding to the source address may be torn down (fig. 4; 0080. 0100). 

20. The system of Claim 15, further comprising:

means for blocking a source location by establishing an access control list (ACL)
that includes the source location, wherein communications associated with the 
source location are restricted as a result of being included on the ACL (0050). 

21. The system of Claim 15, further comprising:

means for increasing the volume associated with the incoming packets based on 
additional feedback being received from the IDS module, the additional feedback 
reflecting a reduced volume associated with the incoming packets (see fig. 4, par.
0072-0074).

22. Software for implementing traffic management, the software comprising computer 
code such that when executed is operable to: 

communicate a copy of one or more incoming packets; 

identify a volume associated with the incoming packets in order to communicate 
feedback information to a main central processing unit (CPU), the feedback information 
signaling that an intrusion detection system (IDS) module is expending a designated
amount of resources; and respond to the feedback information by restricting a number 
of additional incoming packets that are received by the main CPU (see fig. 4, par. 0072- 
0074; 0004). 

23. The medium of Claim 22, wherein the code is further operable to:

identify a plurality of thresholds, one or more of which are operable to trigger the 
feedback information to be communicated to the main CPU by the IDS module, the 
one or more thresholds each representing volume levels of incoming packets that are
received by the IDS module (see fig. 4, par. 0072-0074). 

24. The medium of Claim 22, wherein the IDS module communicates with the main 
CPU based on a selected one of a router blade control protocol (RBCP) and a simple 
network management protocol (SNMP) (0004, 0030). 

25. The medium of Claim 22, wherein the code is further operable to:

communicate an alarm to a network management element that signals that the IDS 
module has reached a certain volume level associated with an amount of incoming 
packets received (0075-0076) 

26. The medium of Claim 22, wherein the code is further operable to:

execute a transmission control protocol (TCP) reset in order to indicate an attack is 
being seen from a source address such that a connection corresponding to 
the source address may be torn down (fig. 4; 0080. 0100). 

27. The medium of Claim 22, wherein the code is further operable to:

block a source location by establishing an access control list (ACL) that includes the 
source location, wherein communications associated with the source location are 
restricted as a result of being included on the ACL (0050). 

28. The medium of Claim 22, wherein the code is further operable to:

increase the volume associated with the incoming packets based on additional
feedback being received from the IDS module, the additional feedback reflecting a 
reduced volume associated with the incoming packets (see fig. 4, par. 0072-0074). 

Conclusion 

4. This action is made Non-Final. Any inquiry concerning this communication or 
earlier communications from examiner should be directed to Jude Jean-Gilles whose 
telephone number is (571) 272-3914. The examiner can normally be reached on
Monday-Thursday and every other Friday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nathan Flynn, can be reached on (571) 272-1915. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-3301.

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is
(571) 272-0800.

JJG 

April 21, 2008 

/Jude J Jean-Gilles/ 

Primary Examiner, Art Unit 2143 



